CVE-2019-10354
Missing Authorization in Jenkins
4.3
MEDIUM
CVSS 3.1
EPSS 0.19%
Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
How to fix CVE-2019-10354
To remediate CVE-2019-10354, upgrade the affected package to a fixed version below.
- Maven/org.jenkins-ci.main:jenkins-core—upgrade to 2.176.2 or later
- —upgrade to 1.257.1 or later
Is CVE-2019-10354 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.176.2
- from 0, < 1.257.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |